jackie13 Posted June 29, 2007 Share Posted June 29, 2007 Hello everyone, I need to protect a few pages on my website. I already have a third party forum installed. I figured it would be convenient for my users to use their current logins/passwords to view the protected pages. Problem: I am aware that a simple login form I created is vulnerable to brute-force attacks. What easy (or relatively easy) method would you use to limit the number of failed login attempts to, say, 10 attempts a day? Link to comment https://forums.phpfreaks.com/topic/57649-limiting-failed-login-attempts/ Share on other sites More sharing options...
Buyocat Posted June 29, 2007 Share Posted June 29, 2007 One solution you could use is to store a timestamp and integer in the user's session. You could then read those in and check the integer and timestamp for a certain frequency, and if some limit was met redirect or block the user from logging in. I think a bigger concern will be leveraging the existing database, but that may be doable if all you're attempting to provide is a username/password check. Link to comment https://forums.phpfreaks.com/topic/57649-limiting-failed-login-attempts/#findComment-285522 Share on other sites More sharing options...
448191 Posted June 29, 2007 Share Posted June 29, 2007 The simplest solution would be to use the login logic from the forum. Link to comment https://forums.phpfreaks.com/topic/57649-limiting-failed-login-attempts/#findComment-285531 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.